Vulnerability Details CVE-2008-4326
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://jvn.jp/en/jp/JVN54824688/index.html
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000061.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
- http://osvdb.org/48511
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/libraries/js_escape.lib.php?r1=11514&r2=11603&pathrev=11603
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/js_escape.lib.php?view=log&pathrev=11603
- http://secunia.com/advisories/31974
- http://secunia.com/advisories/31992
- http://secunia.com/advisories/32954
- http://secunia.com/advisories/33822
- http://typo3.org/teams/security/security-bulletins/typo3-20080924-1/
- http://www.debian.org/security/2008/dsa-1675
- http://www.openwall.com/lists/oss-security/2008/09/22/2
- http://www.phpmyadmin.net/home_page/downloads.php?relnotes=1
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-8
- http://www.vupen.com/english/advisories/2008/2657
- http://jvn.jp/en/jp/JVN54824688/index.html
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000061.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
- http://osvdb.org/48511
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/libraries/js_escape.lib.php?r1=11514&r2=11603&pathrev=11603
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/js_escape.lib.php?view=log&pathrev=11603
- http://secunia.com/advisories/31974
- http://secunia.com/advisories/31992
- http://secunia.com/advisories/32954
- http://secunia.com/advisories/33822
- http://typo3.org/teams/security/security-bulletins/typo3-20080924-1/
- http://www.debian.org/security/2008/dsa-1675
- http://www.openwall.com/lists/oss-security/2008/09/22/2
- http://www.phpmyadmin.net/home_page/downloads.php?relnotes=1
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-8
- http://www.vupen.com/english/advisories/2008/2657
Products affected by CVE-2008-4326
-
cpe:2.3:a:microsoft:internet_explorer:-
-
cpe:2.3:a:microsoft:internet_explorer:10
-
cpe:2.3:a:microsoft:internet_explorer:11
-
cpe:2.3:a:microsoft:internet_explorer:3.0
-
cpe:2.3:a:microsoft:internet_explorer:3.0.1
-
cpe:2.3:a:microsoft:internet_explorer:3.0.2
-
cpe:2.3:a:microsoft:internet_explorer:3.1
-
cpe:2.3:a:microsoft:internet_explorer:3.2
-
cpe:2.3:a:microsoft:internet_explorer:4.0
-
cpe:2.3:a:microsoft:internet_explorer:4.0.1
-
cpe:2.3:a:microsoft:internet_explorer:4.01
-
cpe:2.3:a:microsoft:internet_explorer:4.1
-
cpe:2.3:a:microsoft:internet_explorer:4.40.308
-
cpe:2.3:a:microsoft:internet_explorer:4.40.520
-
cpe:2.3:a:microsoft:internet_explorer:4.5
-
cpe:2.3:a:microsoft:internet_explorer:4.70.1155
-
cpe:2.3:a:microsoft:internet_explorer:4.70.1158
-
cpe:2.3:a:microsoft:internet_explorer:4.70.1215
-
cpe:2.3:a:microsoft:internet_explorer:4.70.1300
-
cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3
-
cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6
-
cpe:2.3:a:microsoft:internet_explorer:4.71.544
-
cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8
-
cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8
-
cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713
-
cpe:2.3:a:microsoft:internet_explorer:5
-
cpe:2.3:a:microsoft:internet_explorer:5.0
-
cpe:2.3:a:microsoft:internet_explorer:5.0.1
-
cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10
-
cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309
-
cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216
-
cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003
-
cpe:2.3:a:microsoft:internet_explorer:5.00.2516.1900
-
cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500
-
cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800
-
cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307
-
cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800
-
cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000
-
cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000
-
cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106
-
cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101
-
cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000
-
cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000
-
cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000
-
cpe:2.3:a:microsoft:internet_explorer:5.01
-
cpe:2.3:a:microsoft:internet_explorer:5.1
-
cpe:2.3:a:microsoft:internet_explorer:5.2.3
-
cpe:2.3:a:microsoft:internet_explorer:5.5
-
cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300
-
cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400
-
cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0100
-
cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600
-
cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900
-
cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800
-
cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300
-
cpe:2.3:a:microsoft:internet_explorer:6
-
cpe:2.3:a:microsoft:internet_explorer:6.0
-
cpe:2.3:a:microsoft:internet_explorer:6.0.2600
-
cpe:2.3:a:microsoft:internet_explorer:6.0.2800
-
cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106
-
cpe:2.3:a:microsoft:internet_explorer:6.0.2900
-
cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180
-
cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000
-
cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006
-
cpe:2.3:a:microsoft:internet_explorer:6.00.2600.0000
-
cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106
-
cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180
-
cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000
-
cpe:2.3:a:microsoft:internet_explorer:6.00.3718.0000
-
cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000
-
cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830
-
cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959
-
cpe:2.3:a:microsoft:internet_explorer:7
-
cpe:2.3:a:microsoft:internet_explorer:7.0
-
cpe:2.3:a:microsoft:internet_explorer:7.0.5730
-
cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11
-
cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100
-
cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386
-
cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441
-
cpe:2.3:a:microsoft:internet_explorer:8
-
cpe:2.3:a:microsoft:internet_explorer:8.0.6001
-
cpe:2.3:a:microsoft:internet_explorer:9
-
cpe:2.3:a:phpmyadmin:phpmyadmin:0.9.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.6
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.7
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.8
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.1.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.6
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.7
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.8
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.3.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:1.3.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.1.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.1.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.1.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.0.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.0.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.0.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.01
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.1.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.2.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.3.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.3rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0beta1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.12.11.7.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.8
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.8.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0_pre1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0_pre2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0_rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0_rc2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0_rc3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.6
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.7_pl1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_pre1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_pre2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.3.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.3.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.3.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.4.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2_pl1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_pl1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_rc2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7_pl1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_dev
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_pl1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.7
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_beta1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.7_pl1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1_dev
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_beta1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_dev
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9_rc1